Developing Open Standards and Certification/Accreditation Programs to Help Assure Product Integrity and Global Supply Chain Security
The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain integrity program and framework in order to provide buyers of IT products with a choice of certified technology partners and vendors. The Open Trusted Technology Provider Standard - Mitigating Maliciously Tainted and Counterfeit Products - V1.1.1, Part 1 & Part 2 (O-TTPS) was published in September 2018 and was approved by ISO/IEC as ISO/IEC 20243:2018. The two standards are technically equivalent—Parts 1 & 2 may be downloaded for free from The Open Group at the above links. Parts 1 & 2 are also available for a fee from ISO here: https://www.iso.org/standard/74399.html (part 1) and here https://www.iso.org/standard/74400.html (part 2).
The O-TTPS V1.1.1 is an open standard containing a set of organizational guidelines, requirements, and recommendations for integrators, OEMS, hardware and software component suppliers, distributors and value-add resellers, to enhance the security of the global supply chain and the integrity of commercial off the shelf (COTS) information and communication technology (ICT). This standard if properly adhered to will help assure against maliciously tainted and counterfeit components and products throughout the COTS ICT product life cycle encompassing the following phases: design, sourcing, build, fulfillment, distribution, sustainment, and disposal.
The O-TTPS Certification Program, which is publically available and applicable to ICT: OEMs, integrators, hardware and software component suppliers, distributors and value-add resellers. For more information, please visit the certification website at www.opengroup.org/certifications/o-ttps
A brief overview of the OTTF objectives and deliverables is provided in the 2-page OTTF Information Sheet.
Dave Lounsbury, The Open Group's CTO, was asked to testify in front of a US Congressional Subcommittee on behalf of the OTTF regarding the significance of the government-industry partnership and the OTTF work on organizational best practices for securing the global supply chain. For more information please view Dave Lounsbury's blog on that testimony and the relevance of the OTTF in that space.
The OTTF supports the development and utilization of the O-TTPS (Standard), the O-TTPS Certification Program, procurement strategies, and related activities that:
- Help Technology Providers and their Customers to “Build with Integrity, Buy with Confidence"™
- Support global innovation
- Moderate the unintended consequences of regulation
- Reduce risk and compliance costs
- Protect operational assets
The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and certification programs, utilize The Open Group’s broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.
The current OTTF members of The Open Group Trusted Technology Forum are here.